Andrew Patterson wrote:
My credit union has another online ID system after the password; you have to
select a combination of icons to get access.
True, banking systems may get away with techniques like
this (especially in the short term as the phishers will go after
much easier targets). There's certainly a lot of activity in this
area amongst banks all around the world so at least we'll
get a good chance to see which methods pass/fail the
user acceptance test (is it practical to roll out hardware
tokens to a large segment of the public)
So is this the security token of the future?
http://national.com.au/Personal_Finance/0,,76862,00.html?campaignID=AQB&optOut=true&ncID=ZBG
Functionally it is no different. If I have the device and the password
the security is compromised.
The phone, at least in theory, is more easy to track down if stolen.
But is also reinforces the point - passwords by themselves
are on the way out (and hence shouldn't even be on the
radar when considering approaches to secure health
communications)
Security versus ease of use - the eternal dilemma. ;-(
David
_______________________________________________
Gpcg_talk mailing list
[email protected]
http://ozdocit.org/cgi-bin/mailman/listinfo/gpcg_talk
